Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.

Security company McAfee, which uncovered the intrusions, said it believed there was one “state actor” behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.

The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.

In the case of the United Nations, the hackers broke into the computer system of the UN Secretariat in Geneva in 2008, hid there unnoticed for nearly two years, and quietly combed through reams of secret data, according to McAfee.

“Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” McAfee’s vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report released on Wednesday.

“What is happening to all this data … is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”

McAfee learned of the extent of the hacking campaign in March this year, when its researchers discovered logs of the attacks while reviewing the contents of a “command and control” server that they had discovered in 2009 as part of an investigation into security breaches at defense companies.

It dubbed the attacks “Operation Shady RAT” and said the earliest breaches date back to mid-2006, though there might have been other intrusions as yet undetected. (RAT stands for “remote access tool,” a type of software that hackers and security experts use to access computer networks from afar).

Some of the attacks lasted just a month, but the longest –on the Olympic Committee of an unidentified Asian nation — went on and off for 28 months, according to McAfee.

“Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors,” Alperovitch told Reuters.

“This is the biggest transfer of wealth in terms of intellectual property in history,” he said. “The scale at which this is occurring is really, really frightening.”

…

For full original article, see here

L’accord auquel nous souhaitons parvenir est très simple. Chaque Etat s’engagerait à trois choses : protéger ses citoyens de ces attaques ; ne pas abriter ou protéger de cyberterroristes sur son territoire ; et ne pas lancer d’attaque sur un autre pays. Un tel accord ne pourrait pas concerner uniquement les Etats, il devrait aussi impliquer d’une manière ou d’une autre le secteur privé. Nous vivons dans un monde qui a beaucoup changé. Le conflit entre Google et la Chine en est un bon exemple : il ne s’agit pas d’un conflit classique entre deux Etats.

Lors d’une cyberattaque, il est extrêmement difficile d’établir si elle est le fait d’un Etat ou d’un individu isolé. Comment faire respecter un tel accord s’il est quasiment impossible d’identifier un assaillant avec certitude ?

Ce projet d’accord ou de traité fait partie d’un projet plus vaste : nous avons mis en place un groupe de travail qui a identifié plusieurs axes prioritaires, et l’un d’entre eux est la normalisation des outils d’enquête utilisés par les Etats. Si tous les Etats se mettent d’accord sur la manière dont on doit procéder au pistage d’une adresse IP (Internet Protocol), par exemple, il devient beaucoup plus difficile de contester la paternité d’une attaque.

Par ailleurs, d’autres mesures doivent être prises pour faire du réseau un endroit sûr. La cyberguerre n’est pas forcément le plus gros problème auquel nous devions faire face. Aujourd’hui, déjà, il existe une importante cybercriminalité en ligne contre laquelle il faut agir, notamment en ce qui concerne la pédopornographie. Cela passe par une meilleure éducation de tous, de meilleurs outils techniques, mais surtout par un cadre juridique et réglementaire commun : chaque Etat doit criminaliser le crime dans le cyberespace.

Un projet de loi est discuté ce mercredi au Parlement américain pour renforcer les capacités de défense des Etats-Unis contre les cyberattaques. Mais d’après un rapport de l’entreprise McAfee, plusieurs pays, dont la France, Israël, les Etats-Unis, la Russie ou la Chine ont également mis au point des armes cybernétiques offensives. Partagez-vous ce diagnostic ?

Malheureusement oui : d’après nos informations, il existe des réseaux de botnets [des machines infectées par un virus et qui peuvent être contrôlées à distance pour mener une attaque, le plus souvent à l'insu du propriétaire, NDLR] militaires. Mais ces armes n’ont pas été testées à grande échelle : les utiliser, c’est s’exposer au risque d’une riposte qui détruirait aussi les infrastructures informatiques de l’assaillant.

On serait donc confrontés à un “équilibre de la terreur”, semblable à celui qui a existé durant la guerre froide ?

Pas tout à fait. Pendant la guerre froide, il y avait deux superpuissances. Aujourd’hui, il y a six milliards d’habitants sur la planète, et chacun d’entre eux est une cyberpuissance potentielle. Souvenez-vous des dégâts provoqués par le virus ILoveYou : il a été créé par une seule personne, avec un ordinateur à moins de 1 000 dollars.

John Negroponte, ancien directeur des renseignements américain sous George Bush, a exprimé des réserves sur la manière dont un tel traité pourrait être appliqué. Vous semble-t-il possible de parvenir à un accord global, et comment le faire appliquer ?

Je l’ai constaté à Davos : ce sont ceux qui pensent être le mieux protégés qui sont les plus réticents à laisser d’autres institutions se pencher sur ce problème. Pour l’instant, nous travaillons de concert avec les autres agences des Nations unies, notamment l’Office contre la drogue et le crime et Bureau des affaires du désarmement. Nous en parlons également avec Interpol. Il existe déjà des accords appliqués au niveau régional, il est possible de les généraliser au niveau mondial.

Pour y parvenir, il est crucial de dépolitiser cette question et de trouver les dénominateurs communs. Tout le monde est concerné par la protection de sa vie privée, par le maintien de la confidentialité des données, les citoyens comme les entreprises ou les Etats qui craignent l’espionnage économique ou militaire. La définition même de ce qui constitue un crime peut varier d’un pays à l’autre, par exemple en ce qui concerne la pornographie : c’est pourquoi il est vital “d’avancer en parlant”, et de proposer des choses concrètes dès cette année.

In this video, we explore a number of ways that Palantir can help commanders and analysts to achieve the information advantage required to win the Afghan counterinsurgency battle:

* Enabling information flow from the bottom up, ensuring that the critical knowledge gained on the ground reaches all who need to know
* Combining data on insurgent groups and local populations into one common operating picture
* Enriching traditional intelligence with the insights of local leaders, UN officials, NGOs, Provincial Reconstruction Teams, and Civil Affairs officers
* Providing a framework for collaboration in remote and austere environments

Download the WMV (54 MB)
Note: All data contained in this video are unclassified and open-source.

For a time the utopians were right. Oppressors were — and continue to be — outwitted by the tech-smart young. Corrupt officials in China are now more often called to account; Iran’s regime lost face — although not power — when its rigged election and the ensuing crackdown were Twittered and YouTubed to the world; and “flash mobs” — sudden demonstrations organised on mobile phones — rocked Belarus, once described by Condoleezza Rice, the former US secretary of state, as “the last outpost of tyranny in Europe”.

The utopian flame still burns. A recent high-level conference in Washington held a session entitled Twitter Against Tyrants: New Media in Authoritarian Regimes. “Tear down the walls of the 21st century,” urged Sam Brownback, the Republican senator, “the cyberwalls and electronic censorship technology used by tyrants.”

Sorry, Sam, it ain’t going to happen. And here’s why. Evgeny Morozov, an expert on the internet’s political effects, points out in an article in this month’s Prospect magazine that events in Belarus weren’t quite what they seemed. The tyrants quickly smartened up. They hacked sites and turned up at flash-mob locations before the mob itself. Dissidents were questioned by the country’s security service, which still uses the name KGB — Belarus is sentimental about old forms of communist nastiness — and intimidation rapidly cut the numbers of protesters.

The utopians had missed something about cyberspace. So do we all. Twitter, Facebook and the other social networking sites do half the oppressors’ job for them, providing traces, networks and contacts — pure gold to the goons. Furthermore, the advent of cloud computing — in which information that would once have been stored on your computer is now kept on servers around the world — means yet more of your life is out there and hackable.

“There’s a lot of talk about privacy and we’re all very concerned about it,” says Jo Glanville, the editor of Index on Censorship magazine, “but we keep surrendering our privacy in a very naive fashion.”

There have been three phases of state control of the internet. First came the “great firewall” of China. You simply block access to sites regarded as sensitive. But everybody knows you’re doing it.

So phase two involves selective blocking — known as “just in time attacks”. A site may go down as a protest is being organised. It’s a network problem, claim your goons. Also in phase two are vague regulations that allow your police to press charges no one quite understands. And there’s the blackmailing of internet companies — basically you push them out of business unless they block sites or hand over information. More crudely, as in Uzbekistan or Kyrgyzstan, there is the threat of prison.

Now, it’s phase three, which is much more sinister. In China this phase is represented by the so-called 50 cent army — people who, for a tiny sum of money, go out and “astroturf” blogs or Twitter.

Astroturfing means placing comments while concealing who is behind them. So pro-Chinese comments and posts are frequently placed by government proxies. The freedom of the internet is used against itself. Even in liberal democracies this means internet content may turn out to be pure propaganda. It cannot be a replacement for old-fashioned politics.

“I am deeply sceptical of the idea that Twitter can be the new democracy,” says Paul Staines, author of the hugely successful Guido Fawkes political blog. “You’ve still got to organise on the ground; you’ve still got to storm the palace.”

Good old mailshots work better. Staines says the Tories have taken a strategic decision not to use Twitter for precisely this reason. In fact, Twitter in this country is an overwhelmingly left-wing system. A Prospect/YouGov poll shows that Britain’s 5.5m Twitterers are “a youthful metropolitan elite”, far more liberal than the population as a whole and, indeed, Labour voters.

However, the most active users of new media are often real nasties, Morozov says — Hezbollah in Lebanon, criminal gangs in Mexico, anti-immigration groups in Russia and the Revolutionary Guard in Iran.

Deibert is not optimistic either: “This is no longer a network connecting researchers and hobbyists; it’s one through which all communication is taking place, and it’s being played for enormously high stakes. Those of us who want to keep this as a public commons face an uphill struggle … cyberspace has been rapidly degraded.”

His Citizen Lab group has fought back with software — Psiphon — that allows users to circumvent state controls. What he wants most is a cyberspace arms treaty committing all its users to freedom and openness. Sadly, it’s hard to imagine this working. Cyberspace has lost its innocence and become all too human. And that seldom means free.

bryanappleyard.com

An anonymous reader writes "Help Net Security is running an interview with Rafal Rohozinski, a founder and principal investigator of the OpenNet Initiative, which investigates, exposes and analyzes Internet filtering and surveillance practices all over the world. Rafal provides insight on the process of assessing the state of surveillance and filtering in a particular country and discusses differences related to these issues in several regions, touching especially the United States and Europe. In the US, censorship is more difficult to implement if for no other reason than the court systems offer greater protections for freedom of speech. However, in both places surveillance is on the rise particularly as law-enforcement agencies become more adept at working in the cyber domain."

He may sound overly dramatic, until one thinks back to what happened to the tiny Baltic country of Estonia. In 2007, for a period of two weeks Estonia’s Web sites were hit by so many bogus requests for information that its sites crashed.

The Internet warfare broke out amid a furious row between Estonia and Russia over the removal of a Soviet war monument. While Russia may be considered a superpower, Hamdoun Toure says in a cyber war, there is no such thing as a superpower.

“Every citizen on this planet is a potential superpower and, it will be unfortunate if we have to fight the next fight in the cyber space,” he said. “And, we know from the conventional wars today that the best way to win a war, any war, is to avoid it in the first place.”

A couple of months after the cyber attack paralyzed Estonia’s Internet, the ITU announced an ambitious two-year plan to curb cyber crime. As part of that effort, the ITU teamed up with a Malaysian company called IMPACT to come up with a system to help nations and their citizens prevent, defend and respond to cyber threats.

The result of this collaboration is the so-called Global Response Center, which is demonstrated here at Telecom by Technical Advisor for IMPACT, Mohammed Shihab.

“The Global Response Center has two functions,” he said. “Function one is an early warning system. Now what an early warning system means is that all the global threat intelligence is brought to us on a near real time basis. We collate all this information and we let all member countries have access to this information.”

The second function is called ESCAPE.

“Once you detect an attack, what you do is you access the ESCAPE part of the Global Response Center,” said Shihab. “So from here, the analyst will be able to identify that if a country has raised a particular issue, you look at the network trends and then you look at the attack scenarios, find out where the concentration of these attacks are and then getting the experts to help a country solve these problems.”

The ITU reports there are more than one billion Internet users in the world today. It says the number of crimes committed in cyber space is increasing at an alarming rate. And, it says, the cyber criminals are becoming more sophisticated in their tactics.

ITU officials say the days of the teenage hacker accessing the Web sites belonging to the White House or Pentagon for fun are receding. They say billions of dollars can be made in cyber space. Criminal gangs know this and are going where the money is.

“The next world war could happen in cyberspace and that would be a catastrophe. We have to make sure that all countries understand that in that war, there is no such thing as a superpower. … Loss of vital networks would quickly cripple any nation, and none is immune to cyberattack. … The best way to win a war is to avoid it in the first place.”

Hamadoun’s observations on the likelihood of a global World War III, provided via the Agence France-Presse, may be a bit tardy, according to a West Point officer charged with training the next generation of Army officers on cybersecurity.

U.S. Army Lt. Col. Gregory Conti, an academy computer science professor at the U.S. Military Academy, said cyberwarfare isn’t as evident as a conventional war, but it’s just as real. In an interview I conducted for one of our podcasts, Conti said:

“I personally believe – cyberwarfare cold war, for sure – a full-out cyberwarfare war is ongoing now. Major companies that are being attacked aren’t really talking about it, but it’s going on. Information is being stolen, machines compromised; attacks are occurring on an incredible scale right now.

That’s why every West Point graduate who enters the military must take at least two cybersecurity courses, regardless of the cadet’s major, and IT security is integrated into the curriculum of nearly every computer science course taught at the academy.

But training young military officers in cyberwarfare might not be sufficient. In the interview, and in an article he co-authored, Conti proposes the establishment of a fourth military branch, a Cyberspace branch, to complement the Army, Navy and Air Force in defending our nation and interests. From the article, co-written with Army Col. John “Buck” Surdu:

“Adding an efficient and effective cyber branch alongside the Army, Navy and Air Force would provide our nation with the capability to defend our technological infrastructure and conduct offensive operations. Perhaps more important, the existence of this capability would serve as a strong deterrent for our nation’s enemies.”

But will a strong deterrent work in a world – a cyber world – where you not only can’t see the enemy, but don’t know where he or she is hiding? It must.

“The next world war could begin in cyberspace,” warned Hamadoun Touré, secretary general of the International Telecommunication Union, the United Nations agency that organized the event.

The beginnings of such an unconventional war could be out of the control of conventional diplomacy, he said, because in cyberspace “there is no such thing as a superpower: Every citizen is a superpower.” With an army of “bots,” or compromised computers, at their command, almost anyone could wield great power in a virtual battle, as a number of recent denial-of-service attacks against targets around the world have shown.

“We know from conventional wars that the best way to win is not to start,” Touré said.

That’s why the ITU is pushing an ambitious worldwide program for cybersecurity and peace.

“By the end of next year, we will broker a global agreement with every country to protect its citizens online, not to harbor cyberterrorists, and not to start an online attack,” he said.

U.N. Secretary General Ban Ki-moon began by expressing his sorrow at news of an all-too-real attack, the suicide bombing earlier in the day of the Islamabad, Afghanistan, office of the U.N. Food and Agriculture Organization, which left several people dead.

Returning to the theme of the conference, he highlighted “a world divided,” those with access to information on one side, and those without on the other.

Encouraging the participation of “our youth, drivers of innovation and change,” is vital if those divisions are to be eradicated, he said.

Investment in infrastructure and services must be encouraged too in order to eliminate the technology divide — but the motive should be profit, not charity, Touré said.

“In our strategy of connecting the world, we have no need for charity: It’s pure business. If you have the right business plan, you will have investment,” he said.

The telecommunications industry will always have investment, because it’s a profitable industry, he said.

That’s turning out to be the case in Rwanda, said President Paul Kagame, where state infrastructure projects have attracted investment from Chinese network equipment manufacturers.

“The availability of capital for everything is getting more and more scarce, but in our country there is a strong partnership between public and private sectors,” he said.

China continues to invest internationally, despite the impact of the global economic crisis and the attraction of the untapped potential of its home market, said Wang Jianzhou, chairman and chief executive officer of China Mobile, also present at the news conference.

“We have still got challenges from the international financial crisis,” he said. In the company’s home market, revenue from international calls is down 20 percent because of a reduction in tourism and manufacturing exports, he said.

UNITED NATIONS, Sept. 25 (Xinhua) — Cyber threats can cross borders and wreak havoc, not just in information technology circles, but in communities, President Toomas Hendrik Ilves of Estonia warned at the UN General Assembly here Friday, calling for enhanced global cooperation to tackle the problem.

“Concurrently with the rapid development of computer technology we are witnessing alarming signs of more sinister developments: cyber attacks are growing more complex and their use is increasing in frequency,” Ilves said while speaking to the general debate of the General Assembly, which entered its third day here Friday.

The president called on governments and the private sector to join forces to boost their ability to respond to cyber threats.

Also crucial in the fight against cyber attacks are enhanced domestic frameworks to include the criminalization of cyber crimes, he said. “Our long-term aim should be the creation of a universal cyber culture — a universally accessible, secure and safe environment for all.”

In his wide-ranging speech to heads of State and government, the Estonian leader also touched on such issues as climate change, the global financial crisis and the situation in Afghanistan.